Despite being inclined to have firms collect endless amounts of data on their customers, the British government does at least want them to protect it. Accepting a new EU law, known as the General Data Protection Regulation (GDPR), means that when introduced in 2018, British firms will be mandated to disclose any breaches that occur, and could be fined if enough protections are not in place.

Over the past few years we’ve seen a number of high profile companies hit with big data breaches as hackers steal away user information by the truckload. In some cases these companies let their users know straight away, but in others it can take weeks, months or even years before the public is made aware. To combat that in future, it is now a legal mandate that firms must disclose the information in a timely manner.

LONDON (AP) — The European Court of Justice ruled Wednesday that governments must not indiscriminately collect and retain people's emails and electronic communications, dealing a blow to Britain's contentious new cyber-surveillance law.

Europe's highest court said "general and indiscriminate retention of data" by governments is unlawful and cannot be justified within a democratic society. Only targeted retention aimed at fighting serious crimes could justify such state interference, it said.

"The fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance," the court said.

Last month, Britain's Parliament passed legislation that expanded the reach of state surveillance. Dubbed the "snoopers' charter" by opponents, the law requires telecommunications companies to keep records of all customers' emails and web activity for a year, and gives officials unprecedented access to such information. A range of government departments, from police to customs officials, can access the data without a warrant.

Aren't both of these threads (this one and this one) talking about the same thing? Which is one of the reasons for the confusion of that last post... it would seem good to discuss both in the same thread?

This thread is talking about a regulation that makes companies legally responsible for protecting against breaches (and disclosing them), the other thread is about a ruling that prohibits governments from requiring all emails for all users to be retained for 1 year.

Both of the threads have the common, uh... thread... that the ruling or regulation is by the EU, so there is the question about whether they will apply to the UK.

Slight irony there: The EU can tolerate it, because it is not a democracy (it's a federal state run by unelected "representatives"), but it's telling the UK how to suck eggs anyway.

However, though they may have it right if they are effectively saying that the law is "bad" per se, it would be a non sequitur ("does not follow") to say that it "...cannot be justified within a democratic society", because, well it just has been justified within a democratic society - i.e., the UK parliament passes the laws, and, last time I checked, the UK parliament is a pukka democratically elected body - unlike the EU, which is not.
